Commit Graph

9 Commits

Author SHA1 Message Date
Brandon Weeks
0dc056af7d Fix golangci-lint findings 2022-11-01 13:38:49 -07:00
Malte Poll
e99c3e104e
Ignore MokListTrusted events in ParseUEFIVariableAuthority (#284) 2022-09-09 15:58:48 -07:00
Joe Richey
df6b91cbdb test: Use Fatalf instead of Errorf to prevent segfault
Signed-off-by: Joe Richey <joerichey@google.com>
2022-04-04 13:48:39 -07:00
Tom D
82f2c9c2c7
Merge pull request from GHSA-99cg-575x-774p
* AKPublic.Verify: Return an error if a provided PCR of the correct
   digest was not included in the quote.
 * AKPublic.VerifyAll: Implement VerifyAll method, which can cross-check
   that provided PCRs were covered by quotes across PCR banks.
 * PCR.QuoteVerified(): Introduce getter method to expose whether a
   PCR value was covered during quote verification.
2022-01-31 09:10:07 -08:00
Alex Wu
0a3c6e82bf
Ignore SBAT events in ParseUEFIVariableAuthority (#222)
As part of the Boothole fixes, shim has introduced an
SBAT feature https://github.com/rhboot/shim/blob/main/SBAT.md.
SBAT configuration is configured to log to PCR7 using
EV_EFI_VARIABLE_AUTHORITY.
493bd940e5/mok.c (L228-L247)

This causes issue with ParseUEFIVariableAuthority, as
it asssumes that an event with type EV_EFI_VARIABLE_AUTHORITY
can be parsed as EFI_SIGNATURE_DATA, per section 3.3.4.8
of the TCG PC Client Platform Firmware Profile Specification.
2021-06-03 14:28:24 -07:00
Tom D
ee5bb94c43
WIP processing image load events (#216) 2021-05-10 12:11:58 -07:00
Tom D
3b5f0a5e00
Begin implementing extraction of windows info from the event log (#167) 2020-06-01 17:35:23 -07:00
Tom D
ab116a02a1
Implement workaround for secureboot authority events from shim (#158) 2020-05-01 14:20:54 -07:00
Tom D
e134551bb0
Implement extractor for determining secure boot state (#148) 2019-12-19 12:28:32 -08:00